//
sign in
Post
by @danabra.mov
PostEmbed
by @danabra.mov
Record
by @jimpick.com
Record
by @atsui.org
+ new component
Post
Arch users, please take note!
5d
Taggart
400+ Arch User Repository packages have been compromised in a massive, sophisticated supply chain attack, including a rootkit installation. discourse.ifin.netwo... #ThreatIntel #ThreatIntelligence #IFIN
5d
Last Updated: 2026-06-12T04:22:42Z (UTC) What’s Happening It appears an AUR package maintainer’s account (arojas) was compromised. The maintainer’s account had write access to over 400 package repos. The compromise was reported and other AUR maintainers have been working to remove the infected packages. The affected packages were modified with preinstall scripts to use npm to install the atomic-lockfile package, a malicious payload. Here’s an example of the change: This blog has a deep d...
discourse.ifin.network
400+ AUR Packages Compromised with Infostealer and Rootkit
IFIN